We have a requirement to disable aggressive mode on a Cisco ASA5520. We have several Cisco IPSEC remote VPN clients using pre-shared keys. I'm aware that disabling aggressive mode will require digital certificates on the IPSEC VPN clients. Instead of using digital certificates on all the clients, would using the Cisco AnyConnect VPN client instead of the Cisco IPSEC client allow me to disable aggressive mode on the ASA?
Are there any advantages or disadvantages in using the Cisco AnyConnect client?
Aggressive mode is an alternative in the ISAKMP negotiation process. ISAKMP is part of IPSec. The AnyConnect client uses SSL instead of IPSec. So there is no ISAKMP associated with AnyConnect. So if you transition the clients to AnyConnect you can disable Aggressive mode and not impact any users.
Perhaps the biggest disadvantage is that you have to pay for each SSL VPN client (AnyConnect), whereas the IPSEC clients are free with the box. If that is not an issue, then AnyConnect would be a good option. It would even support Vista 64-bit, whereas the IPSEC client does not. SSL is also easier to traverse through firewalls.
And as Rick mentioned, SSL VPNs use HTTPS whereas IPSEC VPNs use IPSEC (ESP/UDP 500 etc). So there is no relation between the aggressive mode setting and SSL VPNs.
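Added example, not part of the original thread: a small Python audit of an ASA running configuration that reports whether aggressive mode is disabled (`crypto isakmp am-disable`, or `crypto ikev1 am-disable` on newer releases) and which remote-access tunnel-groups still use IPsec pre-shared keys, which are the clients the question is about. The sample configuration and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample ASA configuration (not taken from the thread).
SAMPLE_CONFIG = """\
crypto isakmp enable outside
tunnel-group RA-IPSEC type remote-access
tunnel-group RA-IPSEC ipsec-attributes
 pre-shared-key *****
tunnel-group RA-SSL type remote-access
tunnel-group RA-SSL webvpn-attributes
 group-alias SSL enable
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key *****
"""

AM_DISABLE = re.compile(r"^crypto (isakmp|ikev1) am-disable\s*$")
TG_TYPE = re.compile(r"^tunnel-group (\S+) type (\S+)")
TG_IPSEC = re.compile(r"^tunnel-group (\S+) ipsec-attributes")
PSK = re.compile(r"^\s+(ikev1 )?pre-shared-key\b")


def audit(config: str) -> dict:
    """Report the aggressive-mode setting and PSK-based remote-access groups."""
    am_disabled = False
    types = {}          # tunnel-group name -> type
    psk_groups = set()  # tunnel-groups with an IPsec pre-shared key
    current = None      # tunnel-group whose ipsec-attributes submode we are in
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # any top-level command leaves the submode
        if AM_DISABLE.match(line):
            am_disabled = True
        elif (m := TG_TYPE.match(line)):
            types[m.group(1)] = m.group(2)
        elif (m := TG_IPSEC.match(line)):
            current = m.group(1)
        elif current and PSK.match(line):
            psk_groups.add(current)
    # "ipsec-ra" is the older keyword for a remote-access tunnel-group.
    remote = sorted(g for g in psk_groups
                    if types.get(g) in ("remote-access", "ipsec-ra"))
    return {"aggressive_mode_disabled": am_disabled,
            "psk_remote_access_groups": remote}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Site-to-site (`ipsec-l2l`) groups and groups with only `webvpn-attributes` are deliberately left out of the report, since the thread concerns remote-access IPsec clients.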